What could be more exciting for hackers than exploiting a vulnerability in widely used software without having to struggle much?
One such easy-to-exploit but critical vulnerability has been discovered in ESET's antivirus software that could allow any unauthenticated attacker to remotely execute arbitrary code with root privileges on a Mac system.
The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS was discovered by Google Security Team researchers Jason Geffner and Jan Bee at the beginning of November 2016.
As detailed in the full disclosure, all a hacker needs to gain root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, position himself as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw.
The actual issue was related to a service named esets_daemon, which runs as root. The service is statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1, released in March 2013.
This POCO version is based on version 2.0.1 of the Expat XML parser library from 2007, which is affected by a publicly known XML parsing vulnerability (CVE-2016-0718) that could allow an attacker to execute arbitrary code via malicious XML content.
Now, when esets_daemon sends a request to https://edf.eset.com/edf during activation of the ESET Endpoint Antivirus product, an MITM attacker can intercept the request and deliver a malformed XML document using a self-signed HTTPS certificate.
This triggers the CVE-2016-0718 flaw, which executes the malicious code with root privileges when esets_daemon parses the XML content.
This attack was possible because the ESET antivirus did not validate the web server's certificate.
Here's what the pair explain:
"Vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients."
Since the attacker controls the connection, they can send malicious content to the Mac computer in order to hijack the XML parser and execute code as root.
The Google researchers have also released proof-of-concept (PoC) exploit code, which only shows how the ESET antivirus app can be made to crash.
ESET addressed this vulnerability on February 21 by upgrading the POCO parsing library and by configuring its product to verify SSL certificates.
The fix is available in release 6.4.168.0 of ESET Endpoint Antivirus for macOS. So, make sure your antivirus package is patched up to date.
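The two defects the article describes, a client that accepts any server certificate and a parser built on an Expat that predates the CVE-2016-0718 fix, as an added defensive example in Python. This is not code from the article, from ESET or from the Google researchers: it shows the weak TLS client configuration beside the corrected one, an audit check a reviewer can run on a client's TLS context, and a parse gate that refuses server XML unless the linked Expat is at least 2.2.0 (the release that fixed CVE-2016-0718). The function names, the constructed sample response and the DTD rejection are my assumptions; nothing here contacts the activation endpoint.

```python
import ssl
import xml.parsers.expat

# Expat fixed CVE-2016-0718 in release 2.2.0; anything older is treated as vulnerable.
EXPAT_FIXED_VERSION = (2, 2, 0)


def weak_client_context() -> ssl.SSLContext:
    """The pre-fix pattern: a TLS client context that accepts any certificate.
    A self-signed certificate presented by a man-in-the-middle passes unchallenged."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The post-fix pattern: require a chain to a trusted CA and a hostname match.
    create_default_context() already sets CERT_REQUIRED and check_hostname=True."""
    return ssl.create_default_context()


def context_verifies_server(ctx: ssl.SSLContext) -> bool:
    """Audit check: a client context is acceptable only if it both validates the
    chain and checks that the certificate matches the hostname being contacted."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def expat_is_patched(version=None) -> bool:
    """True if the Expat linked into this interpreter (or the given version tuple)
    contains the fix for CVE-2016-0718."""
    v = xml.parsers.expat.version_info if version is None else version
    return tuple(v[:3]) >= EXPAT_FIXED_VERSION


def parse_server_xml(body: bytes, expat_version=None) -> dict:
    """Parse a server response only when the linked Expat is patched, and reject
    any document that carries a DTD (entity declarations are where XML parsers
    get into the most trouble). Returns {element_name: attributes} per element."""
    if not expat_is_patched(expat_version):
        raise RuntimeError("refusing to parse untrusted XML: linked Expat predates the CVE-2016-0718 fix")

    elements = {}
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DTD in server response rejected")

    def record_element(name, attrs):
        elements.setdefault(name, dict(attrs))

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.StartElementHandler = record_element
    parser.Parse(body, True)
    return elements


def activation_allowed(ctx: ssl.SSLContext, expat_version=None) -> bool:
    """Gate a privileged activation/update client should pass before talking to
    its backend: verified TLS and a patched XML parser (hypothetical helper)."""
    return context_verifies_server(ctx) and expat_is_patched(expat_version)


if __name__ == "__main__":
    # Constructed sample response, not real ESET traffic.
    sample = b'<?xml version="1.0"?><edf status="ok"><license days="30"/></edf>'
    print("weak context passes audit:", context_verifies_server(weak_client_context()))
    print("hardened context passes audit:", context_verifies_server(hardened_client_context()))
    print("Expat 2.0.1 patched:", expat_is_patched((2, 0, 1)))
    print("parsed:", parse_server_xml(sample, (2, 2, 0)))
```

The two gates are deliberately independent: fixing certificate validation alone still leaves a root daemon parsing attacker-influenced XML with a vulnerable library if the backend or a CA is ever compromised, and upgrading the parser alone still lets a network attacker feed the daemon arbitrary input. The DTD rejection is a general hardening step for any client that only ever expects simple element-and-attribute responses.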